1. Summary of Research Conclusions
First of all, the conclusion: the most worthy reference of Palantir Ontology is not that it makes enterprise data into a "knowledge map", but that it combines the data, rules, actions and permissions in the enterprise into a set of business object systems that can be used by people, applications and agents.
This point is very crucial. When many enterprises make AI platforms, their first reaction is to connect models, knowledge bases and packaging tools. However, when it comes to business execution, Agent is often faced with scattered interfaces, scattered documents, different caliber data tables and separate authority systems. Palantir idea is closer to "build a model of the business world of the enterprise first, and then let the AI act in that model".
I took it apart and saw that the core was about four layers:
- Business Object Modeling Layer: uses Object Type, Property Type, Link Type, Interface, and other abstractions to express the real business world.
- Data Mapping and Index Layer: Maps data in databases, data lakes, streaming data, files, and external systems to objects, attributes, and relationships, and builds multiple indexes for object queries, graph queries, searches, time series, and geography.
- Action and Logic Layer : Use Action Type, Function, Query, Workflow and other mechanisms to upgrade "Query Data" to "Trigger Business Action" and support approval, verification, write back, automation and human-machine collaboration.
- Governance and Security Layer: Permissions, data blood, auditing, object-level security, attribute-level security, and dynamic security policies are integrated into the entire process of object query, action execution, and Agent tool invocation.
The inspiration for TAOS is also more direct: enterprise-class Agent OS can't just stop at model access, Prompt management, MCP tool gateway and knowledge base Q & A. It requires a layer of Enterprise Operational Ontology (enterprise operation ontology layer), which allows the Agent to face managed business objects such as "customers, orders, products, stores, packages, work orders, contracts, equipment, policies, approvals", and then complete the business closed loop through controlled actions.
2. Data pool and document list
One point needs to be made here: strictly speaking, there are not many academic papers on Palantir Ontology, and public information is mainly scattered in official white papers, product documents, SDK, patents and a small number of conference papers. Therefore, this material is not a simple paper review, but put these public materials together, from the perspective of engineering implementation to push back the design ideas behind it. Descriptions in patent and product documents will be accompanied by vendor expressions, and the following technical inferences will try to indicate boundaries.
2.1 Official White Papers and Technical Documents
| Type | Information | Technical Value |
|---|---|---|
| Official Architecture Document | The Ontology system | Clear Ontology is the core of the Foundry architecture, which consists of Language, Engine, and Toolchain and integrates Data, Logic, Action, and Security. |
| Official Concept Document | Ontology overview | Explain that the Ontology is a Operational Layer that contains semantic elements and dynamic/action elements. |
| Official concept document | Ontology core concepts | Describe the mapping relationship between Object Type, Property Type, Link Type, Action Type, data source, and model. |
| Official Object Documentation | Object types overview | Explain that an Object Type is a schema definition of a real entity or event. |
| Official Relationship Documentation | Link types overview | Explain that a Link Type is a Schema definition of a relationship between two object types. |
| Official property documentation | Properties overview | Explain that Property is a schema definition of an object's characteristics. |
| Official action document | Action types overview | Explain that an Action Type is a set of business modifications to objects, attributes, and links. |
| Official action rules | [Action rules] | https://palantir.com/docs/foundry/action-types/rules/ that actions can create, modify, and delete objects and links. |
| Official Function Documentation | Functions on Objects | Explain that functions can read and modify objects and links. |
| Official Object Set API | API Object Sets | This section describes how to query objects such as object set filtering, search around, and aggregate computing. |
| official external function | External Functions | indicates that the external service can be called by Webhook, and the object can be written back by Ontology edit Function. |
| Official object backend | Object backend overview | Explain that the Ontology backend is a microservice system, and object data is written by components such as Funnel. |
| Official OSDK | Ontology SDK overview | Explain that you can access the Ontology through SDKs such as TypeScript, Python, Java, and OpenAPI. |
| Official Permissions Document | Object permissioning overview | Explain that fine-grained permissions can be configured for Ontology entities such as objects and links. |
| Official Security Documentation | Managing object security | Describe object instance-level, attribute-level, and cell-level security policies. |
| Official AI Architecture | AIP architecture | Explain that AIP activates Data, Logic, Action, and Security through Ontology. |
| Official Automatic Modeling | HyperAuto architecture | Explain that source system metadata can be used to automatically generate data synchronization, transformation, and Ontology recommendations. |
| Official White Paper | Foundry Technical Overview 2022 | Explain that Core Ontology contains semantic objects, relationships, Functions, Actions, and decision capture and writeback. |
| Official white paper | Enabling Interoperability and Embracing Openness with Foundry | Explain that Ontology definitions are stored in JSON and support open interfaces such as RDF, OWL, and REST API. |
| Official White Paper | Foundry Streaming White Paper | Explain how streaming data is Hydrate, Activate, and Wielded into Ontology. |
2.2 Official Blog and AI Agent Information
| Type | Information | Technical Value |
|---|---|---|
| Official Blog | Connecting AI to Decisions with the Palantir Ontology | The proposed decision consists of Data, Logic and Action, which Ontology capture the decision context and execute the closed loop. |
| Official Blog | Connecting Agents to Decisions | Explain that when an Agent is connected to a decision, it needs unified data, logic, action, security, and decision blood. |
| Official Blog | Securing Agents in Production | Explain working memory, episodic memory, semantic memory, procedural memory, security control, and tool governance in production-level Agent Runtime. |
| Official Blog | Building with Palantir AIP: the OSDK | Explain that OSDK allows developers to build applications based on business Ontology instead of directly operating the underlying system. |
| Industry AI | Explain that Ontology can be used as an enhanced UNS in industrial scenarios, connecting data, logic and actions. |
2.3 Patents and Engineering Implementation Clues
| Type | Information | Technical Value |
|---|---|---|
| Patent | US8489623B2:Creating data in a data store using a dynamic ontology | Explain the use of object type, attribute type, Parser, Mapping, and Validator to convert input data into dynamic ontology data. |
| Patent | US9330157B2:Cross-ontology multi-master replication | Explain that different organizations/systems can Ontology Map for object, attribute, link type mapping and multi-master replication. |
| Patents | US20250077899A1:Systems and methods for knowledge graphs | Describes the knowledge graph construction ideas of Source Graph, Domain Graph, Mapping Profile, and Compiler. |
| patent | US20240354325A1:Efficient data indexing across multiple ontology-based databases | shows that Ontology objects can be mapped to multiple types of backends such as graph databases and relational databases at the same time, and access control and blood ties are maintained. |
| Patent | US12405983B1:Interacting with ontology-based databases using machine learning | Explains how ML/natural language queries are converted into graph queries, SQL queries, and combines object-level security and kinship. |
| SDK | palantir/foundry-platform-Python Ontology API | Note The Ontology metadata includes Objects, Links, Actions, Queries, and Interfaces. |
| SDK | palantir/osdk-ts | Description TypeScript OSDK supports applications to access Ontology in a type-safe manner. |
| SDK | @ osdk/maker README | Note You can use code to define shared properties, Value Type, Interface, Object, Link, Action, and Derived Property. |
2.4 Academic and Research Materials
| Type | Information | Technical Value |
|---|---|---|
| Conference Paper | A Brief Analysis of Palantir Gotham: A Collaborative and Interactive Big Data Visualization Analysis Software Based on Dynamic Ontology | Analysis Palantir Gotham's dynamic ontology, structured data mapping, big data integration, business mapping and collaborative analysis architecture. |
| Research Paper | The Seer and the Seen: A Survey of Topics Found in Palantir Patents | Thematic analysis of Palantir patents, covering topics such as ontology, semantic data structure, data integration, management analysis and prediction. |
3. What is Palantir Ontology?
3.1 one sentence definition
In one sentence, I would understand Palantir Ontology as the "executable object layer" of the enterprise business world ". It does not only describe "what entities are there and what relationships are there between entities", but further describes "who can see these objects, what actions can be performed, how actions are verified, where they are written back after execution, and how the whole process is audited".
3.2 it's not just a knowledge map
Traditional knowledge graph focuses on "entity, relationship and semantic query", and mainly answers "what is and what is the relationship". The focus of the Palantir Ontology is more on the operating system, and the answer is "based on these business objects, what can we do, who can do it, where to write and how to audit".
| Comparison Items | Traditional Knowledge Graph/Semantic Layer | Palantir Ontology |
|---|---|---|
| Key Objectives | Unify semantics, support query and analysis | Support business operations, closed-loop decision making, and action execution |
| Data Abstraction | Entity, Relationship, Attribute | Object Type, Property, Link Type, Action Type, Function, Policy |
| Operation Mode | Most of them are read-only. | Integrated read-write, action execution, approval, write-back, and external call are supported. |
| Security governance | Data table/graph-level permissions | Object-level, attribute-level, action-level, function-level, dynamic policy, and kinship audit |
| AI Adaptation | Usually used as RAG or semantic query base | Used as business tool layer, memory layer, decision context and action boundary of Agent |
| API | SPARQL, Graph API, SQL, Search API | OSDK, REST/OpenAPI, Object Set API, Function, Action, Low-Code Application |
3.3 it's not just a data center
The data center typically focuses on data collection, modeling, metrics, reports, labeling, and services. Ontology go one step further: translate data assets into objects that business people, applications, and agents can understand, and bind these objects to actions. For example:
-The data center cares about "order table, customer table, product table, indicator table".
-Ontology care about the customer object, order object, product object, which organization the customer belongs to, the current risk of the order, what actions can be initiated, whether the actions need approval, and which system to write back to after execution ".
So I prefer to think of Ontology as an "operational object model" between the data middle desk and the business application ". For Agent OS, this layer is especially important because it determines whether the agent is "reading data and adjusting interfaces" or working in a governed business world.
4. Core abstract model
4.1 Object Type: Business Object Type
An Object Type is a schema definition of a real-world entity, event, or business concept. Typical objects include:
-Communications industry: customers, numbers, packages, bills, tariffs, base stations, work orders, complaints, marketing activities.
-Food and beverage industry: brands, stores, dishes, orders, members, inventory, suppliers, employees, shifts, activities.
-Manufacturing industry: equipment, production lines, work orders, materials, batches, quality events, maintenance plans.
-Government and enterprise scenarios: enterprises, projects, contracts, personnel, assets, approval documents, risk events.
Object Type should not simply copy database tables, but should express stable business concepts that business users and agents can understand.
4.2 Property: Object Properties
Property are the fields and characteristics of an object, for example:
-Customer object: customer number, customer level, attribution area, ARPU, churn risk, time of last complaint.
-Store object: store code, brand, city, business status, daily turnover, customer complaint rate, inventory risk.
-Work Order Object: Work Order Type, Priority, Current Status, Handlers, SLA Remaining Time.
In terms of technical implementation, Property need to support:
-Base type: String, Number, Boolean, Date, Datetime, Enum.
-Complex types: JSON, Array, Geo, Media, Attachment.
-Analysis type: Time Series, Metric, Embedding, Score, or Feature.
-Governance attributes: source system, update time, blood ID, trust level, desensitization level.
4.3 Link Type: Object Relationship Type
A Link Type describes a business relationship between two object types, for example:
-Customers "order" packages.
-The store "belongs" to the brand.
-The job is "associated" with the customer.
-The device is "at" the site.
-Dishes "consume" raw materials.
Relationships need to express direction, cardinality, navigability, and security policies. Much of the agent's reasoning power comes not from the big model itself, but from these explicit business relationships. For example, "find out the reason why a store's bad reviews have increased in the last 7 days" requires searching along the relationship between stores, orders, reviews, dishes, shifts, employees, inventory, etc.
4.4 Interface and Shared Property Type: Shared Semantics
Interface can be understood as a set of properties and behaviors that are reused across objects. For example:
-Approvable objects: approval status, applicant, approver and approval time.
-Locatable objects: longitude, latitude, administrative division.
-Traceable object: creation time, update time, source system, blood ID.
-Risk assessable objects: risk level, risk reason, scoring model version.
This type of design prevents each object from repeatedly defining similar fields, and also allows the Agent to use unified logic to process different objects. For example, all objects that implement Approved Object can access the same set of Approval Actions.
4.5 Action Type: Business Action Type
Action Type is a key capability that distinguishes Palantir Ontology from the general knowledge graph. Action is not a normal button, but a business operation subject to schema, rules, permissions, approval, and audit constraints.
Typical Actions include:
-Create a job.
-Modify customer packages.
-Adjust the store inventory alert threshold.
-Launch a marketing campaign.
-Approve price changes.
-Mark the device as faulty.
-Trigger external system writeback.
An Action Type usually needs to be defined:
-Input parameters: which fields are required for the action.
-Action object: which Object Type or Link Type the action acts on.
-Validation rules: under which conditions submission is allowed.
-Permission policy: who can execute and whether the Agent can execute.
-Approval rule: whether manual confirmation is required.
-Execution logic: rule-based updates, function calls, workflow calls, external API calls.
-Writeback policy: Writeback Ontology, local object library, source system, or message queue.
-Audit information: who triggered the action when and for what context.
4.6 Function / Query: Business Logic Encapsulation
Function and Query are used to encapsulate reusable business logic:
-Query is read-only and is used for object filtering, graph traversal, aggregation, metric calculation, and complex queries.
-Function encapsulates computation, model inference, external service invocation, and object editing.
-Function-backed Action can host complex action logic for code execution.
-The External Function can be connected to the internal interface, model service, ERP, CRM and work order system through the Webhook.
For TAOS, this part can be combined with MCP, enterprise internal API gateway and workflow engine. MCP tools should not be just "bare interfaces", but should be mounted to concrete objects and actions.
4.7 Security Policy: Object-Level Security and Action-Level Security
Ontology security is not only controlled on the page menu, but throughout:
-Whether the object type is visible.
-Whether the object instance is visible.
-Whether the property is visible.
-Whether the relationship is traversable.
-Whether the Action is executable.
-Whether the Function is callable.
-Whether the Agent can execute on behalf of the user.
-Whether the output content can be written to memory or log.
This is critical for enterprise-class agents. Agent cannot bypass the existing permission system of the enterprise just because it can call tools. It is more reasonable for the Agent to inherit the user identity, position role, data domain, security level, and scenario authorization, and evaluate the policy for each object query and action execution.
5. Ontology technical implementation ideas
Overall 5.1 Architecture

If you only look at the product introduction, it is easy to understand the Ontology as an "advanced data catalog" or "business map". However, from the combination of public documents, SDK and patent information, it is more like a metadata-driven runtime system. In the picture above, I split it into three pieces:
- Ontology Language: defines the language of the business world, including objects, attributes, relationships, actions, functions, and security policies.
- Ontology Engine: Execute this set of languages, including object queries, graph traversal, indexing, action execution, transactions, writeback, and subscriptions.
- Ontology Toolchain: Provides a toolchain for modeling, publishing, SDK generation, application building, permission governance, and audit operations.
The most notable one here is the Engine. Without Engine,Ontology is just a beautiful metamodel; with Engine, it can compile object definitions into queries, indexes, permission judgments, and action executions.
5.2 Data Entry Ontology:Hydrate
Hydrate can be understood as the process of "pouring existing enterprise data into the world of business objects. This process is not just ETL, the real trouble is to translate technical fields into business semantics.

I think there are a few points here that are easily underestimated:
-Identify the primary key, foreign key, enumeration, time field, state field, and permission field of the source system first.
-Redesign the business object instead of mechanically copying the table structure.
-Describe "how source fields are mapped to object attributes and source table relationships are mapped to Link" with Mapping Profile ".
-Use Parser and Validator for data type conversion, quality verification, standardization and exception logging.
-Record the source, update time, kinship and trust level for each object, attribute, relationship.
5.3 From Object to Action: Activate
Activate solves another problem: how to make the object really participate in business actions after it is built. A read-only object model can only support analysis and become an operational object layer after query, Function, action, and policy are bound.

For example, in the communications industry:
-Customer object binding "Query Customer Profile" Query.
-The "Adapt to package recommendation" Function is bound to the package object.
-The customer-package relationship binds the "change package" action.
-Strict access policies for high-value customers and sensitive tariff attributes.
-Agents can only access and manipulate business objects through these controlled queries, Function, and actions.
5.4 action execution link

This link is also the key boundary that I think TAOS needs to absorb: Agent should not directly adjust the database or bare API, but perform business actions through the governed Action. Only in this way can the authority, approval, audit, failure compensation and business responsibility be put into the same link.
5.5 Object Storage and Multiple Backend Indexes
A clear signal from public patents and official information is that the Ontology back-end is probably not a single database, but a multi-back-end object index system. It is more reasonable to give different query loads to different stores:
-Relational databases are suitable for storing normalized object properties, versions, transactions, and metadata.
-The graph database is suitable for relational traversal, Search Around, path query and network analysis.
-Search engine suitable for full-text search, fuzzy matching, multi-condition filtering.
-Time series databases are suitable for IoT, metrics, performance curves, and historical trends.
-Vector database is suitable for document semantics, object similarity, case recommendation and Agent memory retrieval.
-Object storage is suitable for attachments, pictures, contracts, audio and video, model files.
Therefore, the technical key is not to choose a "universal database", but to use Ontology Metadata as a unified schema, compile the same business object into different back-end indexes, and select the appropriate execution plan by Engine during query.
5.6 Metadata Driver and SDK Generation
Another engineering value of Ontology is metadata-driven. Once objects, properties, relationships, actions, functions, interfaces, and policies are registered as metadata, they can be further generated:
-API documentation.
-TypeScript/Python / Java SDK.
-MCP tool description.
-Low code form.
-Permission configuration interface.
-Action parameter validator.
-Agent Tool Schema.
-Audit and Bloodline templates.
In other words, once the business model is precipitated, it is not just a modeling document for people to see, but a "business operating system API" that people, applications, and agents can call ".
6. Relationship between Ontology and Agent OS
In order for Agent OS to truly enter the enterprise production environment, I think three questions must be answered first:
- What the Agent looks at: Can you see the correct, up-to-date, and permission-controlled business context.
- What Agent can do: Can it affect real business systems through controlled actions.
- How Agent is responsible for : whether it can record the reason, context, executor, approver, input and output and result.
The value of Ontology is here: it puts these three problems into the same framework.
| Agent OS | Capabilities Provided by Ontology | TAOS Design Implications |
|---|---|---|
| What does the agent look at? | Object, Property, Link, Query | The agent obtains the context through the business object instead of directly reading tables or documents. |
| What the Agent can do | Action, Function, Workflow, Writeback | Agents invoke tools and write back to the system through controlled actions. |
| How the Agent is responsible for | Policy, Audit, Lineage, Scenario | Each query and action is traceable, approvable, and replayed. |
| How does the Agent memorize | Object-based Session, tasks, Decision, and memories | The memory is incorporated into the Ontology instead of being scattered in the vector library. |
| How to reuse Agent capabilities | OSDK, MCP Gateway, Tool Schema | Unify object capabilities, action capabilities, Prompt, and Skill into assets. |
7. TAOS can learn from the enterprise operation ontology design
7.1 Core Objects in TAOS
For TAOS, you can first objectification the assets that are most likely to get out of control and most worthy of precipitation in the operation of the enterprise Agent:
| Object Type | Description |
|---|---|
| BusinessObject | Real business objects of the enterprise, such as customers, stores, commodities, work orders, contracts, and equipment. |
| KnowledgeAsset | Knowledge assets, such as documents, systems, FAQs, metrics, process specifications, and product manuals. |
| PromptAsset | Prompt assets, such as Architecture Prompt, Security Prompt, Domain Prompt, and Review Prompt. |
| SkillAsset | Skill assets, such as query skills, review skills, planning skills, and tool invocation skills. |
| MCPTool | MCP tool after enterprise internal interface encapsulation. |
| Agent | Agent instances, including roles, targets, models, tools, permissions, and running policies. |
| Session | Session object for session ID isolation, context summary, task status, and permissions boundaries. |
| Memory | Memory objects, including working memory, episodic memory, semantic memory, and procedural memory. |
| Action | You can perform actions, such as querying customers, creating work orders, initiating approval, calling interfaces, and updating knowledge. |
| Policy | Permissions and governance policies, such as RBAC, ABAC, data classification, approval rules, and output constraints. |
| Decision | Decision records, including inputs, inference processes, cited knowledge, actions, results, and feedback. |
7.2 TAOS Ontology Metamodel Recommendations
7.3 TAOS Technology Module Split
| Module | Responsibilities | Suggest Technology |
|---|---|---|
| Ontology Metadata Service | Manage objects, attributes, relationships, actions, functions, and policy metadata | PostgreSQL JSONB, Schema Registry, and OpenAPI |
| Object Store | Stores object instances, properties, versions, and sources | PostgreSQL, MySQL, and Lakehouse tables |
| Graph/Link Store | Stores object relationships and graph traversal indexes | Neo4j, JanusGraph, ArangoDB, NebulaGraph |
| Search Index | Supports object search, full-text search, and complex filtering | OpenSearch, Elasticsearch |
| Vector Index | Support knowledge, memory, case, object similarity retrieval | Milvus, Qdrant, pgvector |
| Time Series Store | Supports metrics, IoT, behavior series, and trend analysis | TimescaleDB, Druid, and ClickHouse |
| Mapping and Sync Service | Source system-to-object model mapping, synchronization, CDC, and quality verification | Kafka/Pulsar, Debezium, Airflow, and Flink |
| Action Runtime | Execute object actions, approvals, writebacks, compensation, and workflows | Temporal, Camunda, Flowable, Spring Boot |
| Function Runtime | Execution rules, models, external functions, plug-in logic | Java/Python Sandbox, Serverless, K8s Job |
| Policy Engine | Object-level, attribute-level, action-level, and agent-level permissions | OPA, Casbin, Keycloak, IAM/SSO |
| MCP Gateway | Exposes enterprise interfaces, object queries, actions as MCP tools | MCP Server, OpenAPI Adapter, Tool Registry |
| OSDK Generator | Automatically generate the business object SDK and Tool Schema | OpenAPI Generator, TypeScript, Python, and Java SDKs |
| Audit & Lineage | Record query, action, decision, model, Prompt, tool call blood | OpenTelemetry, Kafka, log lake, audit library |
| Ontology Studio | Visual modeling, mapping, publishing, version comparison, and governance | Front-end modeler, Draw.io/Graph UI, low-code forms |
8. Combination of MCP, Prompt, Skill and Ontology in TAOS
8.1 MCP is not an interface market, but an execution channel for Action
After the internal interface of the enterprise is packaged into MCP, I do not recommend directly exposing it to Agent. A safer way is to bind to the Ontology Action first.
For example:
-Bare MCP tool: 'changeCustomerPlan(customerId, planId)'.
-Ontology Action: 'Customer. Change Package '.
-Action Governance: Check whether the customer exists, whether the package is available for sale, whether the user has permission, whether approval is required, whether change reasons need to be recorded, and whether to write back to CRM/BOSS.
The benefits of this are more practical:
-Agent sees business actions, not technical interfaces.
-Unified closing of parameter verification, permission, approval and audit.
-The same action can replace the underlying implementation without affecting the Agent and the application.
-Actions can be reused by people, agents, workflows, low-code applications.
8.2 Prompt Asset should be a Ontology asset
If the Prompt Library is only a Prompt text warehouse, its value will be relatively limited. What can really settle down should be the Prompt Asset System.
PromptAsset recommendations for inclusion in Ontology management:
-Prompt types: Architecture Prompt, Security Prompt, Domain Prompt, Review Prompt, and Operation Prompt.
-Applicable objects: Bind to Object Type, Action Type, Agent Role, and business scenario.
-Version governance: draft, review, release, discard, rollback.
-Quality indicators: hit rate, satisfaction, error rate, tool call success rate, manual correction rate.
-Security policy: whether it can be used for sensitive data, whether to allow outgoing, whether to allow automatic execution of actions.
-Optimization of closed loop: Combined with SkillOpt / PromptOpt ideas, continuous optimization based on evaluation sets and real running logs.
The core of the Prompt Governance is not "who writes Prompt fast", but who can turn Prompt into an enterprise-level asset that can be governed, evaluated, reused, audited, and continuously optimized.
8.3 Skill management should also be object-based
Skill is the reusable capability unit of Agent, which can include:
-Domain analysis skills.
-Tool calling skills.
-Review skills.
-Summary skills.
-Planning skills.
-Report generation skills.
-Code generation skills.
-Safety inspection skills.
SkillAsset need to record:
-Input/output Schema.
-Callable tools.
-Dependent on Prompt.
-Reliance on knowledge assets.
-Applicable Agent.
-Permission boundaries.
-Evaluation results.
-Version and release status.
In this way, Skill can precipitate and reuse like SDK, component library and rule library.
8.4 Memory Should Also Enter Ontology Governance
The memory of an enterprise agent cannot be just fragments of a vector library. My suggestion is to split the memory into four categories and then include object management:
| Memory Type | Description | TAOS Implementation Recommendations |
|---|---|---|
| Working Memory | The temporary context of the current task | Bind the Session, set the TTL, and archive the summary after the session ends. |
| Episodic Memory | The process record of a task, session, or decision | is saved as a Decision, task, or Session object, and can be audited and replayed. |
| Semantic Memory | Stable knowledge, facts, rules, and business dimensions | Enter KnowledgeAsset or BusinessObject attributes. |
| Procedural Memory | Work Methods, Processes, Operational Strategies | Enter SkillAsset, PromptAsset, and Workflow. |
Session ID isolation can be embodied on Session objects:
-Each session creates a separate Session ID.
-Session the user, organization, agent, task, and permission context.
-Working Memory, tool call, temporary file, context summary are bound to Session ID.
-Information that is multiplexed across Session must be summarized, desensitized, validated and assetized.
-In high-risk scenarios, only the audit summary is retained after the Session, not the complete context.
9. TAOS Landing Route Recommendations
9.1 Phase 1: Read-Only Business Object Layer
In the first stage, don't rush to do complex actions, let the Agent and application "understand the enterprise" first ".
Key work:
-Select 2 to 3 core business domains, such as customer, product, work order or store, order, member.
-Create Object Type, Property Type, Link Type.
-Access to core data sources to complete Mapping Profile.
-Establish object query API, graph traversal API, search API.
-Access basic permissions and audits.
-Let the Agent answer business questions through object queries.
Deliverable:
-Business object model.
-Data mapping table.
-Object Query Service.
-Object graph visualization.
-Agent Read-only Q & A Demo.
9.2 Phase II: Controlled Action and MCP Writeback
In the second stage, the Agent is pushed from "question and answer assistant" to "executable assistant", but the action should start from the low-risk scene.
Key work:
-Select low-risk actions, such as create work orders, generate reports, initiate approvals, query inventory, send notifications.
-Encapsulate the internal interface as an MCP tool.
-Bind the MCP tool to the Ontology Action.
-Added Action parameter verification, permission, approval, and audit.
-Support action execution results written back to the object layer and source system.
Deliverable:
-Action Registry.
-MCP Gateway.
-Action Runtime.
-Approval and audit links.
-The Agent performs the action Demo.
9.3 Phase III: Prompt / Skill / Memory Asset
The focus of the third phase is to transform Agent capabilities from personal experience to corporate assets.
Key work:
-Create PromptAsset, SkillAsset, Memory, Decision, etc.
-Establish Prompt version management, review and release, evaluation and optimization process.
-Establish Skill registration, dependency management, evaluation, and grayscale release mechanisms.
-Establish Session isolation, contextual summaries, and memory governance.
-Establish a closed loop from the running log to the optimized data set.
Deliverable:
-Prompt Asset System.
-Skill Registry.
-Agent Memory Service.
-PromptOpt/SkillOpt evaluation optimization closed loop.
9.4 Phase IV: Decision Closed Loop and Industry Scenario Replication
The fourth stage is suitable to talk about industry replication. When the first three steps do not run through, the industry template is often just a concept package.
Key work:
-Package industry objects, actions, Prompt, Skill, Workflow as industry templates.
-Establish scenario simulation, scheme comparison and selection, manual approval and execution feedback closed loop.
-Access to BI, low-code applications, mobile and business workbenches.
-Establish multi-tenant, multi-organization, multi-data domain isolation.
-Establish asset markets and reuse mechanisms.
Deliverable:
-Industry Ontology template.
-Agent Scene Pack.
-Decision closed loop workbench.
-Enterprise-level asset markets.
10. Key Design Principles
- First business object, then technical interface
Do not let the Agent face tables, interfaces, document fragments. First abstract stable business objects such as customers, orders, stores, products, work orders, etc.
- The object model is not equal to the database table model.
Object Type should serve the business understanding and action closed loop, and cannot simply copy the source system table structure.
- Action is a first class citizen
The value of enterprise-class agents is not just to answer questions, but to complete actions safely, controllably, and auditable.
- Permissions must sink to objects, attributes, relationships, actions, and memories
You cannot do only menu permissions or interface permissions. What the Agent accesses, remembers, outputs, and executes is controlled by policy.
- The Ontology is an operational projection and does not necessarily replace the source system
The source system can still be a fact source, Ontology responsible for unifying object views, operational abstractions, writeback coordination, and audit closed loops.
- Prompt and Skill to be governed like code assets
Version, review, release, evaluation, rollback, dependency, permission, and usage statistics are required.
- Memory needs governance, not just storage
The memory of an enterprise Agent is bound with Session, users, permissions, tasks, sources, and life cycles.
- From the narrow scene to do deep, do industry template
Don't start to build a whole enterprise big and all Ontology. Priority is given to high-frequency, high-value, clear boundary business closed loop.
11. Suggestions for specific enhancements to the TAOS scheme
It is recommended to add a new core chapter in the TAOS upgrade plan: Enterprise Operational Ontology: Enterprise Operation Ontology Layer.
This chapter can be used as the central ability of TAOS, and the relationship with the original ability is as follows:
| TAOS Original Capabilities | Ontology Enhancement Methods |
|---|---|
| Agent Runtime | The Agent runtime obtains the context, calls the action, and records the Decision through the Ontology. |
| MCP gateway | The MCP tool binds Ontology actions to form a business action layer. |
| Prompt Library | PromptAsset bind objects, actions, scenarios, and profiling metrics. |
| Skill Management | Bind Prompts, tools, objects, and permission policies SkillAsset. |
| Knowledge Governance | KnowledgeAsset and BusinessObject are mapped to form unified governance of knowledge data actions. |
| Memory system | Memory, Session, Decision objectification, support for summarization, isolation, lifecycle, and auditing. |
| Security Governance | Policy Engine sinks into objects, attributes, relationships, actions, tools, and memories. |
| Evaluation optimization | Run logs, decision results, and manual feedback enter the Evaluation Dataset to drive PromptOpt/SkillOpt. |
It is recommended that the technical positioning of TAOS be further upgraded from an "enterprise-class intelligent body management platform":
TAOS is an Agent Operating System for enterprise production environment. with the enterprise operation ontology as the core, it unifies data, knowledge, Prompt, Skill, MCP tools, business actions, security policies and Agent Runtime to help enterprises upgrade AI from question-and-answer capability to controllable, auditable and reusable business execution capability.
12. Presales oriented
In the pre-sales scene, the following passage can be used to explain why TAOS needs Ontology:
The biggest difficulty for an enterprise to become an Agent is not how many models are connected or how many tools are encapsulated, but whether the Agent truly understands the business world of the enterprise. Through the enterprise operation ontology, TAOS models customers, products, orders, stores, work orders, contracts, knowledge, Prompt, Skill, tools, and actions in a unified way, allowing agents to obtain context, call capabilities, execute actions, and accept permissions, security, and audit constraints in the same business language. In this way, AI can change from "being able to answer" to "being able to handle affairs, doing it accurately, doing it stably, and doing it traceable".
If the customer is already working on a knowledge base, tool platform, or agent platform, you can also use the following comparison table to communicate the differences:
| Agent platform without Ontology | TAOS with Ontology |
|---|---|
| The agent directly reads documents and tunes interfaces, so the semantics are unstable. | The agent understands the enterprise through business objects. |
| Many tools, but missing business boundaries | Tools are encapsulated as governed Action |
| Prompt is maintained by personal experience | Prompt becomes a reviewable, evaluable and reusable asset |
| Memories are scattered in vector libraries and logs. | Memories are bound to Session, tasks, permissions, and life cycles. |
| Permissions are mainly controlled by interfaces or pages. | Permissions sink to objects, properties, actions, and outputs. |
| It's hard to explain why agents do this. | Every decision has objects, knowledge, prompts, tools, and actions. |
| Scene replication depends on manual rebuild | Industry objects, actions, Prompt, Skill can be reused in templates |
13. Risks and Constraints
13.1 over-modeling risk
The most easy place for Ontology to go is to make a huge and heavy enterprise model project. It is recommended to start from the scene and only build the objects, relationships, and actions that are really needed by the current business closed loop.
13.2 Data Quality Risk
If the source system master data is confused, field meanings are inconsistent, and permission tags are missing, Ontology will only expose the problem more clearly. Supporting data quality, master data, consanguinity and responsible person mechanisms are needed.
13.3 Writeback Consistency Risk
When an agent performs an action, it may affect both the Ontology object library and multiple source systems. The source of facts, transaction boundaries, compensation mechanisms, failure retries, and manual support need to be clarified.
13.4 Security Complexity Risk
Object-level, attribute-level, action-level, and Agent-level permissions significantly increase governance complexity. It is recommended to establish clear data fields, roles, security levels, and approval rules in the early stage, and gradually refine them.
13.5 Agent Illusion and Misoperation Risk
Ontology can constrain the agent's input, context, and action boundaries, but it cannot completely eliminate the model illusion. High-risk actions must be added with manual confirmation, rule checksum and rollback.
14. Minimum feasible architecture proposal
If TAOS wants to be a landing MVP, I suggest starting with the following minimum closed loop:

MVP does not need to do a complete knowledge map and full object library at the beginning. It is more important to verify a few basic questions:
-Whether the Agent can stably understand the business through the object model.
-Whether the MCP tool can be safely executed via Action.
-Whether Prompt, Skill and Memory can be managed as assets.
-Whether permissions and audits can cover a complete decision link.
-Whether business people can continuously expand the scene based on objects and actions.
15. Recommend follow-up work
- Upgrade the knowledge governance in the TAOS solution to" enterprise operation ontology governance "
Governance not only document knowledge, but also business objects, relationships, metrics, actions, Prompt, Skill, and memory.
- Complements the TAOS Ontology Studio Design
Includes object modeling, relational modeling, data mapping, action configuration, permission configuration, version release, and impact analysis.
- Complementary TAOS MCP Action Gateway Design
Clarify how MCP tools are registered, how objects are bound, how permissions are included, approvals, and audits.
- Supplemental TAOS Prompt / Skill / Memory Asset Model
The Prompt Library, Skill management, context summary, session isolation and memory management to the Ontology Asset system.
- Choose an industry model to do PoC
For communication customers, you can choose "customer-product-tariff-work order-marketing" closed loop. For catering customers, you can choose "brand-store-order-member-inventory-evaluation" closed loop.